Lucas Caton

Why I regenerated my SSH key and maybe you should too

I think we all agree it’s a good practice to regenerate your SSH key from time to time. Not sure about you, but the first thing that comes to my mind when I think about that is: it’d take forever to replace my key in all servers I need to access, all online services that use my key, etc.

Overcoming my laziness, I decided at least to list those place it turned out it was a small list:

Servers

Github

BitBucket

Although now it looks more reasonable, I was still lazy to do it. But then I noticed that Github recommends the use of HTTPS instead of SSH for Git repositories syncs:

What does one thing have to do with another? Well, by using HTTPS, you don’t need to upload your SSH key to Github (check this out: mine isn’t longer at Github).

BitBucket also supports it, which means I’d be able to regenerate my SSH key without having to upload it again to these services.

Servers

What’s left? Servers! From now on, every time I realise it’s time to regenerate my SSH key, all I need to update are the servers.
I ended up making a list of servers that I’d need to update and found out in the end it wasn’t a big list and it’d be way easier than I thought it would.

Let’s face the truth: I had been using the same SSH key in the last 5 years or so and it’d be totally worth it to ensure my security as well as the security of the projects from the company I work for.

Becoming safer

There’s more! This is the interesting part of this post: I’ve changed other things that made everything even safer:

Cool, but would I need to type this token every time? Nope. There’s a nifty tool called ssh-agent that can save your token. If you’re using macOS, it’s even easier: Keychain can save and encrypt your token for you.

My SSH key now has a passphrase, also saved encrypted on macOS’s Keychain, which means I don’t need to type it every time either.